Imagine you are a digital forensic investigator for a healthcare organization.
You learn from your internal information security department that an employee
has been using password-cracking software to access confidential customer
insurance information. The account information extracted is unknown at this
time, though it appears as though multiple computers were being used for the
crime and it isn’t clear whether an attack is currently in progress. The
employee has been detained but his computers remain online.

Write a two to three (2-3) page paper in which you:
1. Develop a detailed plan to approach and secure the incident scene based on
the information you have from the scenario.
- Discuss the initial steps you would take for the investigation, depending on
whether or not the attack is still in progress. Include how your actions would
differ based on the current status of the incident.
- Explicate the importance of creating an order of volatility by identifying
the potential evidence that is the most volatile. Explain, in detail, how you
would extract this evidence.
- Identify the high-level steps that would be performed in collecting and
analyzing the evidence. Include steps that are required, as well as what should
not be done, in order to maintain the potential admissibility of evidence.
- Use at least three (3) quality resources in this assignment. Note: Wikipedia
and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch
margins on all sides; citations and references must follow APA or
school-specific format. Check with your professor for any additional
- Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover page and
the reference page are not included in the required assignment page length.